BSP orders banks to report cyberhacks, service disruptions within 2 hours | Inquirer Business

BSP orders banks to report cyberhacks, service disruptions within 2 hours

By: - Business News Editor / @daxinq
/ 02:52 PM October 26, 2018

Banks must now report to authorities any cyberhacking incidents or disruptions to technology-based financial services they provide clients within two hours of their discovery, the central bank said on Friday.

In a statement, the Bangko Sentral ng Pilipinas (BSP) said that these new regulations – significantly tighter than the 10-day reporting window previously allowed for such events – are being put in place “in response to the increasingly persistent, sophisticated and targeted attacks launched against financial institutions.”

“Prompt reporting of these incidents by supervised financial institutions will allow the Bangko Sentral to have an enhanced visibility on the changing information technology risk landscape and to proactively ensure that their impact and resulting risks are minimized and contained to avert potential systemic risks to the financial system,” it said.

Article continues after this advertisement

Banking industry insiders have noted that local financial institutions have been experiencing more cyberhacking attempts in recent years, from suspected large scale attempts to compromise bank computers to small scale “phishing” activities perpetrated on unsuspecting clients.

FEATURED STORIES

Some large local banks have also experienced disruptions in their ATM network services, some lasting as long as four days, causing inconveniences to thousands of clients.

The tighter regulations in response to these issues were approved by the Monetary Board recently to cover “cyber-related incidents and operational disruptions.”

Article continues after this advertisement

“From 10 calendar days prescribed under existing regulations, [supervised financial institutions] are now required to report major cyber-related incidents and disruptions of financial services and operations within two hours from discovery of the incident,” the BSP said.

Article continues after this advertisement

“This is necessary in view of the speed of exploitation, proliferation of attack tools and actors, and potentially massive extent of damage from cyber-related incidents,” it explained.

Article continues after this advertisement

Having quick access to information on these incidents will enable regulators to alert other banks, industry associations and other relevant stakeholders that may be affected by a specific attack.

After the initial notification, the affected financial institutions are likewise mandated to submit a follow-up report within 24 hours from the incident containing information such as the manner and time of initial detection, impact of the incident, and initial remedial response.

Article continues after this advertisement

“The BSP shall closely monitor the situation, coordinate with the concerned financial institution, and undertake appropriate supervisory actions if warranted, until full resolution of the incident,” it said.

The BSP may also issue appropriate advisories, security bulletins or policies to prevent recurrence of the incident and promote enterprise and industry-wide operational resilience.

The new regulations are consistent with BSP Circular No. 982 on enhanced guidelines on information security management issued in 2017 which identified incident reporting as part and parcel of BSFIs’ incident management plans.  The new issuance is also timely as banks prepare for full compliance to this circular by Nov. 26, 2018.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

“The new regulations further strengthen the BSP’s cyber-threat surveillance capabilities crucial for industry-wide cyber-preparedness, protection and crisis management,” the central bank said.  /muf

TAGS: Banking, BSP, Business, cyber security, cyberhacks, Philippine news

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.